Add vcs webhook verification
parent
3cc3fb316c
commit
7d79e4146f
4 changed files with 16 additions and 5 deletions
3
.env
3
.env
|
@ -83,4 +83,5 @@ _APP_CONSOLE_GITHUB_SECRET=
|
||||||
_APP_CONSOLE_GITHUB_APP_ID=
|
_APP_CONSOLE_GITHUB_APP_ID=
|
||||||
VCS_GITHUB_APP_NAME=
|
VCS_GITHUB_APP_NAME=
|
||||||
VCS_GITHUB_PRIVATE_KEY=
|
VCS_GITHUB_PRIVATE_KEY=
|
||||||
VCS_GITHUB_APP_ID=
|
VCS_GITHUB_APP_ID=
|
||||||
|
VCS_GITHUB_WEBHOOK_SECRET=
|
|
@ -401,8 +401,17 @@ App::post('/v1/vcs/github/incomingwebhook')
|
||||||
->inject('getProjectDB')
|
->inject('getProjectDB')
|
||||||
->action(
|
->action(
|
||||||
function (GitHub $github, Request $request, Response $response, Database $dbForConsole, callable $getProjectDB) use ($createGitDeployments) {
|
function (GitHub $github, Request $request, Response $response, Database $dbForConsole, callable $getProjectDB) use ($createGitDeployments) {
|
||||||
$event = $request->getHeader('x-github-event', '');
|
$signature = $request->getHeader('x-hub-signature-256', '');
|
||||||
$payload = $request->getRawPayload();
|
$payload = $request->getRawPayload();
|
||||||
|
|
||||||
|
$signatureKey = App::getEnv('VCS_GITHUB_WEBHOOK_SECRET', '');
|
||||||
|
|
||||||
|
$valid = $github->validateWebhook($payload, $signature, $signatureKey);
|
||||||
|
if(!$valid) {
|
||||||
|
throw new Exception(Exception::GENERAL_ACCESS_FORBIDDEN, "Invalid webhook signature.");
|
||||||
|
}
|
||||||
|
|
||||||
|
$event = $request->getHeader('x-github-event', '');
|
||||||
$privateKey = App::getEnv('VCS_GITHUB_PRIVATE_KEY');
|
$privateKey = App::getEnv('VCS_GITHUB_PRIVATE_KEY');
|
||||||
$githubAppId = App::getEnv('VCS_GITHUB_APP_ID');
|
$githubAppId = App::getEnv('VCS_GITHUB_APP_ID');
|
||||||
$parsedPayload = $github->parseWebhookEventPayload($event, $payload);
|
$parsedPayload = $github->parseWebhookEventPayload($event, $payload);
|
||||||
|
@ -716,4 +725,4 @@ App::get('/v1/vcs/github/installations/:installationId/repositories/:repositoryI
|
||||||
$detection['runtime'] = $runtime;
|
$detection['runtime'] = $runtime;
|
||||||
|
|
||||||
$response->dynamic(new Document($detection), Response::MODEL_DETECTION);
|
$response->dynamic(new Document($detection), Response::MODEL_DETECTION);
|
||||||
});
|
});
|
||||||
|
|
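Review bot: In the `/v1/vcs/github/incomingwebhook` action, `App::getEnv('VCS_GITHUB_WEBHOOK_SECRET', '')` falls back to an empty key, and the `.env` in this commit ships that variable empty. On an install where the secret was never set, the HMAC key is therefore a publicly known value and the signature check presumably stops authenticating the sender. Fail closed before calling `validateWebhook`, for example `if ($signatureKey === '') { throw new Exception(Exception::GENERAL_ACCESS_FORBIDDEN, 'Webhook secret is not configured.'); }`. `validateWebhook` comes from the bumped utopia-php/vcs dependency and is not visible here, so confirm it compares the digest with `hash_equals()` rather than `===`. The action closure continues past the end of the hunk.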
4
composer.lock
generated
4
composer.lock
generated
|
@ -2705,7 +2705,7 @@
|
||||||
"source": {
|
"source": {
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://github.com/utopia-php/vcs.git",
|
"url": "https://github.com/utopia-php/vcs.git",
|
||||||
"reference": "46f4de30652a057a0c19a6975276a6be8e12606f"
|
"reference": "01afc324865613f7b34ca9981745bfaaec8ec363"
|
||||||
},
|
},
|
||||||
"require": {
|
"require": {
|
||||||
"adhocore/jwt": "^1.1",
|
"adhocore/jwt": "^1.1",
|
||||||
|
@ -2750,7 +2750,7 @@
|
||||||
"utopia",
|
"utopia",
|
||||||
"vcs"
|
"vcs"
|
||||||
],
|
],
|
||||||
"time": "2023-06-12T12:48:43+00:00"
|
"time": "2023-06-15T10:13:29+00:00"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "utopia-php/websocket",
|
"name": "utopia-php/websocket",
|
||||||
|
|
|
@ -180,6 +180,7 @@ services:
|
||||||
- VCS_GITHUB_APP_NAME
|
- VCS_GITHUB_APP_NAME
|
||||||
- VCS_GITHUB_PRIVATE_KEY
|
- VCS_GITHUB_PRIVATE_KEY
|
||||||
- VCS_GITHUB_APP_ID
|
- VCS_GITHUB_APP_ID
|
||||||
|
- VCS_GITHUB_WEBHOOK_SECRET
|
||||||
|
|
||||||
appwrite-realtime:
|
appwrite-realtime:
|
||||||
entrypoint: realtime
|
entrypoint: realtime
|
||||||
|
|